Re: Remote access from Internet

On Mar 24, 7:36 am, Tarmo Kuuse <tarmo.ku...@xxxxxxx> wrote:
Hi all,

A residential/light-industrial power device has a simple web interface
which allows monitoring and configuring it, upgrading firmware etc. The
usual stuff.

Device is running eCos and web interface is powered by ATHTTPd with tcl
scripting.

Users do not feel warm and fuzzy dragging their bones to site, hooking
up a laptop and then clicking away whilst standing or sitting on a hay
pack. Neither do the service techs.

In a flash of brilliance we recognize the need for remote access.

We assume site is connected (naturally), but the Internet connection is
shared (device has private IP, router does NAT). We also assume the user
  installing it is not tech-savvy (i.e. blissfully oblivious of TCP/IP
networking), but is able to follow clear instructions.

My first idea was having the device ask the router to forward port 80
using UPnP. That will expose the web interface directly to the Internet.
Unfortunately neither the app or ATHTTPd are mature security-wise. It'll
be like dropping a shrink-wrapped steak in jungle and hoping it won't
get eaten.

IMHO the safest method would be a VPN between site and client. The
client, however, does not wish to hire an expensive IT admin to set it up..

How would you design remote access in this condition?

Ideal solution involves plug-and-play with 3-step instruction and no
software installed into client's computer (WinXP or Vista). Oh, and
flying porcupines :)

--
Kind regards,
Tarmo Kuuse

I just finished solving *almost* this problem a couple months back.
Almost because our box:
- runs Linux, and
- has GSM (receives text messages and runs GPRS)

Service is initiated by sending a text message, whereupon the box
starts openvpn... Works great ! openvpn's well-know port is not
blocked by the telecom providers NAT boxes (this system is using
GPRS for the connection, no hardwired access available).

Let us know how you do it with eCos !

Best Regards, Dave
.

Relevant Pages

  • Re: Remote access from Internet
    ... Device is running eCos and web interface is powered by ATHTTPd with tcl ... In a flash of brilliance we recognize the need for remote access. ... Or are you concerned about the web server that you're proposing to use ... If that's checked automagically at the ISP ...
    (comp.arch.embedded)
  • Re: remote desktop on LAN via web
    ... via remote desktop connection from home office laptop ... >> The client PC is connected to the internet via a shared internet ... > Presumably PC B is running Internet Connection Sharing, ... > want to use the web interface, you will need to set up the IIS interface on ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: SSH attacks?
    ... > restrict what hosts can connect, ... > you know that a connection should only be from ... I wrote a few scripts and a web interface ... their dynamic IPs by authenticating themselves ...
    (Incidents)
  • Re: Computer question
    ... Road runner does not allow sending out except through their connection. ... go to the web interface of his email and do it there. ... He set up a gmail account today as a temporary fix but ...
    (rec.outdoors.rv-travel)
  • Re: Threading in asp.net issue - Thread stops
    ... Thx Richards ... What I'm trying to do is to propose to our users via a web interface ... they are experiencing TCP problems (the connection is ... > long runninf task. ...
    (microsoft.public.dotnet.languages.csharp)